Are Automotive 'Black Boxes' Secure?

The National Highway Traffic Safety Administration (NHTSA) proposed a rule this month ordering automakers to put so-called "black boxes" in all new vehicles by late 2014, but some experts are concerned that the new rule won't protect the security of the data stored inside.

A member of a working group at the Institute of Electrical and Electronics Engineers (IEEE) has cited problems with the new rule because electronic data recorders (EDRs, also known as "black boxes") could reportedly be accessed by anyone who wants to tamper with data after an accident. "We're all for event data recorders," Tom Kowalick, chairman of the IEEE Global Standards for Motor Vehicle EDRs and an author of seven books on EDRs, told Design News. "But we're also for some kind of basic consumer protection."

Kowalick contends that numerous companies already make software-based solutions for downloading and altering data after a crash. "Last time I looked, there were 23 companies making products that allow someone to erase your crash data," Kowalick told us.

Today, data can be easily collected with legitimate data retrieval systems that link up to a vehicle's onboard diagnostics (OBD-II) connector. Devices such as Bosch Diagnostics' Crash Data Retrieval systems make data accessible to professionals -- automakers, insurance investigators, accident reconstruction experts, and law enforcement agencies -- using the right software tools.

But Kowalick worries that the methodology leaves an opening for aftermarket products specifically targeted at tampering with the data. A simple search on YouTube using the terms "erase crash data" reveals numerous software products aimed at erasing or changing EDR data, he said. Some of those YouTube videos show tens of thousands of hits. Those systems, he said, enable others to change such data as wheel speed, engine speed, throttle position, steering wheel angle, airbag deployment, or other parameters after an accident has occurred. "Why would 100,000 people be looking at this?" Kowalick asked us. "Don't you think it's possible that someone is buying this software and using it?"

NHTSA's proposed mandate calls for all light passenger vehicles to install EDRs, beginning Sept. 1, 2014. A press release on the agency's website explains that the installed devices would only monitor such parameters as vehicle speed, brake usage, crash forces, throttle position, seat belt usage, and air bag deployment, among others. It added that the devices, which are now installed in as many as 96 percent of new cars, would not monitor personal identifying information. NHTSA did not respond to calls from Design News regarding data security issues, however.

Kowalick told us that he wants NHTSA to incorporate a set of IEEE standards (IEEE1616 and IEEE1616a) into its EDR description. The standards call for EDRs to use 86 additional data elements that reportedly aren't called out in NHTSA's description.

Kowalick also proposes addition of a mechanical lockout device that would help prevent data tampering. He is founder of a company called AirMika Inc. that makes an automotive cybersecurity lock.

Kowalick emphasized that the IEEE is not against the proposed NHTSA mandate. "There's no going back now -- the toothpaste is out of the tube," he said. "We're just saying that the data should be secure at the time of the crash, so it will still have scientific value."

Chuck, having some way to detect tampering would be a good first step. This is difficult, though. The first time that this data was used in a legal proceeding, if there were not more safeguards, it would be challenged as not being secure. Another big concern is the one you point out in the article. If the data were tampered with on a large scale, it would be scientifically useless. One would have to develop a tampering model to estimate the effect. Safeguards would be a much better solution.

CHUCK, your fine article points out serious common sense security issues that need to be addressed and resolved before the USDOT mandates EDR technology. If they continue to duck these issues consumers will be test dummies and may react with a backlash to this life saving technology. Seems to me like the IEEE did the heavy lifting up to this point. Kudos to them. What few people know is that NHTSA had been asked to act a few times already but they lack the congressional mandate to deal with privacy and consumer protection issues. Instead they express crocodile tears and pass the issue on to the states.

Crash reconstruction is not the only reason people would want to change the data contents. There is a huge industry in reconstructing titles, ie repairing totaled vehicles for re-sale and it is not in their interest to leave data showing how the vehicle was initially totalled or whether the air-bag deployed. Also, rental companies are already using data recorders to fine drivers for exceeding the speed limit. Following the "Do someting, even if it is wrong" governmental approach I wonder how this recorded data would be used to save lives as opposed to penalizing those who do not operate per the "approved" model. Once the data is stored, what limits do you suppose will be placed upon it's retrieval?

The whole business smells slightly fishy. HOW exactly is this data going to save lives? WHO is truly going to have access? WHEN can the black box be polled? The security of the data is almost secondary.

Another important question is exactly WHO is behind this initiative? Do you get the feeling the insurance industry is not a disinterested party?

Think about it. If you or a loved one were in a motor vehicle accident, is the first action you take to defend the integrity of the vehicle's black box? No, you're focused on the injuries and well-being of the person involved.

The wreckage gets towed away, maybe to an impound lot. By the time you get around to thinking about the black box (if you even know there is one), police and insurance company both have probably recorded its contents.

The data COULD be used to help diagnose a design/manufacturing flaw for recall, but there's already a pretty good process in place.

It's sad, but it seems that everything is up to the highest bidder. The Black Box information will probably be sold to the highest bidder and the lawmakers that should protect us will, instead, pass laws to protect the highest bidder.

It should be possible to add some hardware to the recorder to disable writing or erasing of the data after some set of inputs is sensed. This could be as simple as shutting off the memory write control lines shortly after the airbags deploy. It would need to be done in hardware because all software is suspect, and most of it can be hacked around. But using a hardware lock that would be obvious if t were defeated would be a workale approach. The next step would be a federal law making the use of the data as a marketing tool into a federal felony. But probably our morally corrupt lawmakers would resist that part. But disabling every function except the READ function, by means other than software, should be a very good first step.

If the data was used to improve the safety aspects of an automobile I would be all for implementation but, we all know that is probably not the intent. I hate to be the one wearing the "tin-foil" hat but, I don't trust the FED and certainly not the insurance industry. As mentioned previously, agencies will find a way to profit from the information; probably at the expense of the individual driver. The data is only as safe as the individual(s) looking at it. Just about everything now days is up for sale. Who is to say charges will not be brought after the fact when the "black boxes" indicate which driver was the cause of an accident—even a single car accident? I would love to know also the fine, if any, for disabling the "black box". This fact would definitely show intent.

I first learned about EDR's around 2005. A friend was retrieving data from crashed vehicles as a growing part of his consulting business. His clients were insurance companies. We agreed to disagree who owned the data...it was usually collected without the knowledge of the car owner.

California subsequently passed a law that EDR data belongs to the owner and cannot be retrieved without consent or a search warrant. But my auto policy makes me agree to cooperate and provide anything requested as part of a claim...so they essentially have free access to EDR data.

A good feature of EDR's would be a near-field RF sensor to detect cell phone use in the driver's seat position.

The other side of the coin is the data could prove a driver *not* at fault.

Earlier this year paralyzed IndyCar drive Sam Schmidt did the seemingly impossible -- opening the qualifying rounds at Indy by driving a modified Corvette C7 Stingray around the Indianapolis Motor Speedway.

Focus on Fundamentals consists of 45-minute on-line classes that cover a host of technologies. You learn without leaving the comfort of your desk. All classes are taught by subject-matter experts and all are archived. So if you can't attend live, attend at your convenience.